If you've met me in person over the past year in a business situation, I was probably representing Verdasys and you were more than likely looking at doing something about your organisation's data security posture. In fact, our meeting was probably due to an organisational data leakage prevention initiative you had to be involved with.
If this is a surprise to those of you reading this, then you haven't tried very hard to figure out what I do for a day job (actually, I should say "did" - more on that in a moment) because it's readily available out on the web. In fact, Matt Flynn lists this fact on his blogroll because he bothered to look (Matt, I don't know if you read my blog regularly but you should probably remove the "Verdasys" association now).
I've been THE "technical face" of Verdasys across EMEA (Europe, Middle East and Africa) for the past year, but that association stopped just over 2 weeks ago. I say association because technically speaking, I was consulting for them in a freelance capacity. It's been an interesting experience and I learned a lot about data security, which served as the perfect complement to my experiences in the Identity and Access Management world.
As a result, I purposely avoided saying anything of significance about Verdasys due to the obvious conflict of interest. In fact, I think I only mentioned Verdasys once and that was via a direct quote from an IBM press release. I won't say too much more for now other than the fact I still believe they have a great solution and a great team to move the company forward. For me personally, it was just time to move on and opportunity came calling. I maintain very good relationships with everyone (some subscribe to this blog...hi guys) I had the pleasure of working with and wish them nothing but the best. Of course if they do something I don't particularly agree with in terms of strategy, I'll be calling them out on it (like I've been doing with every other vendor out there, including IBM).
2 months into my data security "gig", I wrote about my impressions of the data security and leakage prevention landscape at the time. I'll be doing a follow up post in the next few weeks regarding my impressions as of now so stay tuned.
As for what I've moved on to, it's like the title of this post says. I'm back in the Identity and Access Management world, but more from a strategic standpoint. I can't say much more about it not because I'm sworn to secrecy, but because it's a very interesting and fluid role and things are changing all the time. In fact, a lot of the onus is on me to help figure out what needs to be done. All I can say for now is that for the past 2 weeks I've been taking a look at the governance and compliance aspects (the industry calls it GRC - Governance, Risk and Compliance) of security, which obviously revolves around Identity and Entitlements.
Of course, as far as this blog is concerned it's business as usual.